Introduction

We describe a remarkable relation between a fundamental notion of mathematical logic,
namely that of a valid formula of predicate calculus, and the specification of network protocols.
We explain here in detail several simple examples: the acknowledgement of one or two
packets, and then of an arbitrary number. We show that, using this method, it is possible
to specify the composition of protocols.

We tried to write a paper that is, as far as possible, self-contained with respect to the
basic notions of the calculus of predicates. In particular, the notion of valid formula is
defined with the help of the tools introduced in the present paper (specifically, the game
associated with the formula). The equivalence with the usual definition of this notion in
logic is explained in the appendix, but is never used in the paper.

Logical framework

The language we use is described below. It is the well known predicate calculus, fundamental
in mathematical logic, with one important restriction: the only allowed logical symbols are
$\to$, $\bot$, $\forall$, respectively read as "implies", "false", "for all". In fact, every other logical
symbol can be defined with them (see below). This restriction is therefore only syntactic,
not semantic.

We suppose given an infinite set of variables $\{x, y, \ldots\}$, an infinite set of constants
$C = \{a, b, \ldots\}$ and some predicate symbols $P, Q, R, \ldots$; each of them has an arity which
is an integer $\geq 0$.

Atomic formulas are of the form $\bot$ (read false) or $P t_1 \ldots t_k$ (denoted also as $P(t_1, \ldots, t_k)$),
where $P$ is a predicate symbol of arity $k$ and $t_1, \ldots, t_k$ are variables or constants.
Formulas of the predicate calculus are built with the following rules:

• An atomic formula is a formula.

• If $F$ and $G$ are formulas, then $F \to G$ is a formula (read "$F$ implies $G$").

• If $F$ is a formula and $x$ is a variable, then $\forall x\, F$ is a formula (read "for all $x$, $F$").

Remark. Propositional calculus is contained in predicate calculus: its only logical
symbols are $\to$ and $\bot$, and it has only predicate symbols of arity 0, usually called propositional
variables.
We shall systematically use the notation $A, B \to C$ for $A \to (B \to C)$ and, more generally,
$A_1, A_2, \ldots, A_n \to B$ for $A_1 \to (A_2 \to (\cdots (A_n \to B) \cdots))$.

Usual connectives $\land$, $\lor$, $\leftrightarrow$ of propositional calculus are considered as abbreviations,
and defined as follows:

$\neg F$ is $F \to \bot$; $F \land G$ is $(F, G \to \bot) \to \bot$; $F \lor G$ is $\neg F, \neg G \to \bot$;
$F \leftrightarrow G$ is $(F \to G) \land (G \to F)$, that is $((F \to G), (G \to F) \to \bot) \to \bot$.

Remark. The connective XOR, usual in computer science and often denoted as F~G,
can be defined as $\neg F \leftrightarrow G$. This abbreviation is not used in the formulas of predicate
calculus.

The existential quantifier $\exists$ (read "there exists") is also considered as an abbreviation:
$\exists x\, F$ is defined as $\neg\forall x\, \neg F$, that is $\forall x(F \to \bot) \to \bot$.

The notation $\vec{x}$ will denote a finite sequence of variables $x_1, \ldots, x_n$.
Therefore, we shall write $\forall\vec{x}$ for $\forall x_1 \ldots \forall x_n$ and the same with $\exists$.

In a formula such as $\forall x\, A$, the subformula $A$ is called the scope of the quantifier $\forall x$.
An occurrence of a variable $x$ in a formula $F$ is called bound if it is in the scope of a
quantifier $\forall x$; otherwise, this occurrence is called free. Given a bound occurrence of $x$,
the quantifier which binds it is, by definition, the nearest quantifier $\forall x$ which has this
occurrence in its scope.

For instance, in the formula $\forall x[\forall x(Rx \to Ry) \to \forall y(Ry \to Rx)]$ there are a bound and
a free occurrence of the variable $y$ and two bound occurrences of the variable $x$. These
two occurrences of $x$ are not bound by the same quantifier.

A variable x is called free in the formula F if there is at least one free occurrence of x. 
The formula F is called closed if it contains no free variable. 

The notation $F[x_1, \ldots, x_n]$ (or $F[\vec{x}]$) will mean that the free variables of the formula $F$
are amongst $x_1, \ldots, x_n$. Then, the formula $\forall x_1 \ldots \forall x_n\, F[x_1, \ldots, x_n]$ (or $\forall\vec{x}\, F[\vec{x}]$) is closed.

In any formula $F$, we can rename the bound variables in an arbitrary way, provided
that no capture of variable occurs. This means that no free occurrence becomes bound,
and that any bound occurrence must remain bound by the same quantifier. Any formula
$G$ obtained from $F$ in this way is considered as identical with $F$.
For instance, $\forall z[\forall y(Rx \to Ry) \to Rz]$ is identified with $\forall y[\forall y(Rx \to Ry) \to Ry]$.

For any formula $F[x_1, \ldots, x_k] = F[\vec{x}]$ and constants $a_1, \ldots, a_k$, we denote by
$F[a_1, \ldots, a_k] = F[\vec{a}]$ the closed formula we obtain by replacing each free occurrence of $x_i$
with $a_i$ ($1 \leq i \leq k$).

Remark. Any atomic closed formula $\neq \bot$ has the form $P a_1 \ldots a_k$ where $P$ is a
predicate symbol of arity $k$ and $a_1, \ldots, a_k$ are constants. In the interpretation in terms of
network protocols which is given below, such a formula represents a packet, the predicate
symbol $P$ represents the data and $a_1, \ldots, a_k$ represent the header fields of the packet.
When $k = 0$, i.e. when $F$ is a propositional variable, $P$ represents a pure data packet.

Normal form of a formula 

A formula is said to be in normal form, or normal, if it can be obtained by means of
the following rules:
• an atomic formula $A$ is normal;
• if $\Phi_1, \ldots, \Phi_n$ are normal, if $A$ is atomic and if $\vec{x} = (x_1, \ldots, x_k)$ is a finite sequence of
variables, then $\forall\vec{x}(\Phi_1, \ldots, \Phi_n \to A)$ is a normal formula.

If $n = 0$, by definition, this formula is $\forall\vec{x}\, A$.

In the same way, if $k = 0$ this formula is $\Phi_1, \ldots, \Phi_n \to A$.

For instance, if $R$ is a unary predicate symbol, the formula $\forall x\, Rx \to \forall x\, Rx$ is not a
normal form; but $\forall y(\forall x\, Rx \to Ry)$ is a normal form.

With any formula $F$, we associate its normal form $\widehat{F}$, which is obtained as follows:

• if $F$ is atomic, $\widehat{F} = F$;

• if $F$ is $\forall x\, G$, then $\widehat{F}$ is $\forall x\, \widehat{G}$;

• if $F$ is $G \to H$, we write $\widehat{H} = \forall\vec{x}(\Phi_1, \ldots, \Phi_n \to A)$. We first rename the (bound)
variables $\vec{x}$ so that they become not free in $G$ (a good method is to use variables that do
not appear in $G$); then, $\widehat{F}$ is $\forall\vec{x}[\widehat{G}, \Phi_1, \ldots, \Phi_n \to A]$.

Remark. Obviously, $F$ and $\widehat{F}$ have the same free variables. In particular, if $F$ is
closed, then $\widehat{F}$ is also closed.

Note that any formula of the propositional calculus is in normal form.

For instance, the normal form of the formula $(Rx \to \forall x\, Rx) \to \forall x\, Rx$ is:
$\forall z[\forall y(Rx \to Ry) \to Rz]$ or $\forall y[\forall y(Rx \to Ry) \to Ry]$.

The game associated with a closed formula 

Given a closed formula $F$, we define a two-player game; the players will be called
$\exists$loise and $\forall$belard or, more briefly, $\exists$ and $\forall$ (the same notation as the quantifiers, but no
confusion is possible). $\exists$loise is also called the "player" or the "defender" and $\forall$belard
is called the "opponent".

Intuitively, the player $\exists$ defends the formula $F$, i.e. claims this formula is "true", and
the opponent $\forall$ attacks it, i.e. claims it is "false".

Be careful, there is no symmetry between the players, as will be seen from the rule of the
game. To make the intuitive idea more precise, we can say that $\exists$ claims the formula $F$
is "always true" and that $\forall$ claims it is "sometimes false".

Now, we assume that the closed formula $F$ has been put in normal form.
Here is the rule of the game associated with this formula [jlk]:

We have three finite sets of normal closed formulas, denoted by $\mathcal{U}$, $\mathcal{V}$, $\mathcal{A}$, which change
during the play. The elements of the set $\mathcal{A}$ are closed atomic formulas. The sets $\mathcal{U}$ and $\mathcal{A}$
increase during the play. At the beginning of the play, we have $\mathcal{U} = \{F \to \bot\}$, $\mathcal{V} = \{F\}$
and $\mathcal{A} = \{\bot\}$ (one-element sets). The first move is made by the opponent $\forall$.
Consider now, during the play, a moment when the opponent $\forall$ must play.
If, at this moment, the set $\mathcal{V}$ is empty, the game stops and $\forall$ has lost.
Otherwise, he chooses a formula $\Phi = \forall\vec{x}(\Psi_1[\vec{x}], \ldots, \Psi_m[\vec{x}] \to A[\vec{x}])$ which is in $\mathcal{V}$ and a
sequence $\vec{a}$ of constants, of the same length as $\vec{x}$.

Then he adds the formulas $\Psi_1[\vec{a}], \ldots, \Psi_m[\vec{a}]$ to the set $\mathcal{U}$ and also the atomic formula $A[\vec{a}]$
to the set $\mathcal{A}$. Then the defender $\exists$ must play.

She chooses, in the set $\mathcal{U}$, a formula $\Psi = \forall\vec{y}(\Phi_1[\vec{y}], \ldots, \Phi_n[\vec{y}] \to B[\vec{y}])$; she chooses also
a sequence $\vec{b}$ of constants, of the same length as $\vec{y}$, in such a way that $B[\vec{b}] \in \mathcal{A}$; this is
always possible, since she can, at least, choose $F \to \bot$ which is in $\mathcal{U}$.
Then, she replaces the content of the set $\mathcal{V}$ with $\{\Phi_1[\vec{b}], \ldots, \Phi_n[\vec{b}]\}$.
Then $\forall$ must play, and so on.

Remarks. We observe that the opponent $\forall$ wins if, and only if, the play is infinite.
The play ends after a finite time if, and only if, $\mathcal{V}$ becomes empty (and then, the player
$\exists$ wins). Just before, the player $\exists$ has chosen an atomic formula which is in $\mathcal{U} \cap \mathcal{A}$.
The intuitive meaning of the rule of this game is as follows: at each moment, the defender
$\exists$ claims that one of the formulas of $\mathcal{U}$ is false and that every formula of $\mathcal{V}$ is true. On
the other hand, the opponent $\forall$ claims that every formula of $\mathcal{U}$ is true and that one of
the formulas of $\mathcal{V}$ is false. Now, both agree on the fact that every formula of $\mathcal{A}$ is false.

In the examples below, we shall interpret a play of this game as a session of communication
following a certain protocol. In this interpretation, the opponent $\forall$ is the sender
and the defender $\exists$ is the receiver.

The dissymmetry of the game is well expressed by a celebrated sentence of Jon Postel
(known as "Postel's law" [jp]): "Be conservative in what you send, be liberal in what
you receive".



Examples 

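1) $F = P \to P$. We can describe an arbitrary play by the following table:

| $\mathcal{U}$ | $\mathcal{V}$ | $\mathcal{A}$ | |
|---|---|---|---|
| $(P \to P) \to \bot$ | $P \to P$ | $\bot$ | $\forall$ has no choice |
| $(P \to P) \to \bot$, $P$ | unchanged | $\bot$, $P$ | $\exists$ chooses $(P \to P) \to \bot$ |
| unchanged | unchanged | unchanged | $\forall$ has no choice |
| unchanged | unchanged | unchanged | $\exists$ chooses $(P \to P) \to \bot$ |
| $\vdots$ | $\vdots$ | $\vdots$ | $\vdots$ |
| unchanged | unchanged | unchanged | $\exists$ chooses $P$ |
| unchanged | $\emptyset$ | unchanged | $\exists$ wins |

The different possible plays depend only on the number $n$ of times when $\exists$ chooses the
formula $(P \to P) \to \bot$. If $n$ is infinite, $\exists$ loses.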

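2) $F = P \to Q$.

| $\mathcal{U}$ | $\mathcal{V}$ | $\mathcal{A}$ | |
|---|---|---|---|
| $(P \to Q) \to \bot$ | $P \to Q$ | $\bot$ | $\forall$ has no choice |
| $(P \to Q) \to \bot$, $P$ | unchanged | $\bot$, $Q$ | $\exists$ cannot choose $P$ |
| unchanged | unchanged | unchanged | $\forall$ has no choice |
| unchanged | unchanged | unchanged | $\exists$ cannot choose $P$ |

There is only one possible play and $\forall$ wins, since this play is infinite.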

3) The reader is invited to study by himself the following two examples:
$((Q \to Q) \to P) \to P$; $((P \to Q) \to P) \to P$ (Peirce's law).

4) $F = \forall x\, Px \to \forall x\, Px$. The normal form of $F$ is $G = \forall y(\forall x\, Px \to Py)$.

| $\mathcal{U}$ | $\mathcal{V}$ | $\mathcal{A}$ | |
|---|---|---|---|
| $\neg G$ | $G$ | $\bot$ | $\forall$ chooses $b_0$ |
| $\neg G$, $\forall x\, Px$ | unchanged | $\bot$, $Pb_0$ | $\exists$ chooses $\neg G$ |
| unchanged | unchanged | unchanged | $\forall$ chooses $b_1$ |
| unchanged | unchanged | $\bot$, $Pb_0$, $Pb_1$ | $\exists$ chooses $\neg F$ |
| $\vdots$ | $\vdots$ | $\vdots$ | $\vdots$ |
| unchanged | unchanged | $\bot$, $Pb_0$, $\ldots$, $Pb_n$ | $\exists$ chooses $\forall x\, Px$ and $b_i$ |
| unchanged | $\emptyset$ | unchanged | $\exists$ wins |

As in example 1, the play only depends on the moment when the player $\exists$ chooses the
formula $\forall x\, Px$ and one of the $b_i$'s already chosen by the opponent $\forall$.

We can give the following interpretation in terms of networks: the player $\forall$ sends the
data packet $P$ with the headers $b_0$, then $b_1$, $\ldots$ The acknowledgement by the receiver $\exists$
only happens at the $n$-th step, and it is the packet $Pb_i$ that is acknowledged. Then the
play, that is to say the session, stops immediately. From the network point of view, this
means that the acknowledgement cannot be lost; in other words, that the channel from
the receiver $\exists$ to the sender $\forall$ is reliable.

In the following section, we treat a particularly important example : the acknowledgement 
of a packet in a channel which is not reliable. 



The formula $\exists x(Px \to \forall y\, Py)$

Let us call $F$ the normal form of this formula, i.e. $\forall x(\forall y(Px \to Py) \to \bot) \to \bot$. For
the sake of clarity, let us put $G[x] = \forall y(Px \to Py)$; thus, we have $F = \neg\forall x\, \neg G[x]$.

The tables I and II below represent what happens during a play, in the (very particular)
case when $\exists$ plays in such a way as to win as quickly as possible. There are two possibilities,
depending on what the opponent $\forall$ plays at line 3:



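Table I

| $\mathcal{U}$ | $\mathcal{V}$ | $\mathcal{A}$ | |
|---|---|---|---|
| $\neg F$ | $F$ | $\bot$ | $\forall$ chooses $F$ |
| $\neg F$, $\forall x\, \neg G[x]$ | unchanged | unchanged | $\exists$ chooses $\forall x\, \neg G[x]$ and $a$ |
| unchanged | $G[a] = \forall y(Pa \to Py)$ | unchanged | $\forall$ chooses $b$, with $b \neq a$ |
| $\neg F$, $\forall x\, \neg G[x]$, $Pa$ | unchanged | $\bot$, $Pb$ | $\exists$ chooses $\forall x\, \neg G[x]$ and $b$ |
| unchanged | $G[b] = \forall y(Pb \to Py)$ | unchanged | $\forall$ chooses $c$ |
| $\neg F$, $\forall x\, \neg G[x]$, $Pa$, $Pb$ | unchanged | $\bot$, $Pb$, $Pc$ | $\exists$ chooses $Pb$ |
| unchanged | $\emptyset$ | unchanged | $\exists$ wins |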



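Table II

| $\mathcal{U}$ | $\mathcal{V}$ | $\mathcal{A}$ | |
|---|---|---|---|
| $\neg F$ | $F$ | $\bot$ | $\forall$ chooses $F$ |
| $\neg F$, $\forall x\, \neg G[x]$ | unchanged | unchanged | $\exists$ chooses $\forall x\, \neg G[x]$ and $a$ |
| unchanged | $G[a] = \forall y(Pa \to Py)$ | unchanged | $\forall$ chooses $a$ |
| $\neg F$, $\forall x\, \neg G[x]$, $Pa$ | unchanged | $\bot$, $Pa$ | $\exists$ chooses $Pa$ |
| unchanged | $\emptyset$ | unchanged | $\exists$ wins |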



But this is only a particular case. The game we are considering presents, in fact, a
great variety of possible plays. We shall see that these various plays correspond exactly
to the various possibilities which may happen during the acknowledgement of a packet.
The play which is described in table I represents the case when the communication
occurred in the best possible way. We can interpret it as follows: the receiver $\exists$ begins the
session by sending the header $a$ (line 3); then the sender $\forall$ sends the packet $Pb$ (line 4); $\exists$
receives the packet $Pb$ and sends the acknowledgement (line 5); then $\forall$ correctly receives
this acknowledgement and sends a signal $Pc$ to terminate the session (line 6).

Several variants are possible : 

i) The player $\exists$ can, at each moment, choose the formula $\neg F$. This corresponds to a
re-initialisation of the session.

ii) She can also choose the formula $\forall x\, \neg G[x]$ with an arbitrary header $a'$, which corresponds
to no acknowledgement. Then, the opponent $\forall$ must send the packet again. This
situation corresponds to the loss of the acknowledgement.

iii) In this case, the sender $\forall$ has the possibility of sending $Pa'$ again, which gives to the
receiver $\exists$ the possibility of finishing the session immediately by choosing precisely the
formula $Pa'$ (since it is now both in $\mathcal{U}$ and $\mathcal{A}$). This corresponds to the case when the
sender asks to finish the session. This may happen at the very beginning: it is the case
in the play which is described in table II (line 3: $\forall$ chooses $a$); this corresponds to a
refusal to open the session; then $\exists$ can only close the session, by choosing $Pa$ (again,
it is what happens in table II), or re-initialise it (by choosing $\neg F$ or $\forall x\, \neg G[x]$).

iv) The player $\exists$ can terminate the play by choosing the formula $Pb$, where $b$ is any of
the headers sent by $\forall$. This corresponds to a successful communication session, perhaps
after some loss of acknowledgements.

Any session is a combination of an arbitrary number of such variants. 
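
The sessions described in this section can be checked mechanically against the rule of the game. The Python code below is an added example, not code from the paper: it replays a list of moves for $F = \forall x\, \neg G[x] \to \bot$ and rejects any move the rule forbids. The tuple encoding of formulas, the function names and the sample sessions (table I, table II, one lost acknowledgement, one premature closing) are assumptions made for this illustration.

```python
# Added illustration: replay sessions of the game for F = (forall x, not G[x]) -> bot,
# with G[x] = forall y (Px -> Py). A normal formula is (variables, hypotheses, atom);
# an atom is (predicate, arguments). Variables are "x", "y"; other names are constants.
BOT = ("⊥", ())

def formula(variables, hyps, concl):
    return (tuple(variables), tuple(hyps), concl)

def subst(f, env):
    """Replace free variables of f by constants; quantified variables shadow env."""
    variables, hyps, (pred, args) = f
    env = {v: c for v, c in env.items() if v not in variables}
    return (variables, tuple(subst(h, env) for h in hyps),
            (pred, tuple(env.get(a, a) for a in args)))

def instantiate(f, consts):
    """Drop the leading quantifiers of f, plugging in consts: (hypotheses, atom)."""
    variables, hyps, concl = f
    if len(consts) != len(variables):
        raise ValueError("wrong number of constants")
    _, hyps, concl = subst(((), hyps, concl), dict(zip(variables, consts)))
    return hyps, concl

def P(c):                      # the packet Pc (c is a header, or the variable x)
    return formula([], [], ("P", (c,)))

def G(c):                      # G[c] = forall y (Pc -> Py)
    return formula(["y"], [P(c)], ("P", ("y",)))

NOT_G = formula(["x"], [G("x")], BOT)   # forall x, not G[x]
F = formula([], [NOT_G], BOT)
NOT_F = formula([], [F], BOT)

def replay(moves):
    """Play moves alternately (sender first). True once the receiver has won,
    False if the session is still open; ValueError on a move the rule forbids."""
    U, V, A = {NOT_F}, {F}, {BOT}
    for turn, (chosen, consts) in enumerate(moves):
        hyps, atom = instantiate(chosen, consts)
        if turn % 2 == 0:                       # sender: formula taken from V
            if chosen not in V:
                raise ValueError(f"move {turn + 1}: formula is not in V")
            U |= set(hyps)
            A.add(atom)
        else:                                   # receiver: formula from U, atom in A
            if chosen not in U or atom not in A:
                raise ValueError(f"move {turn + 1}: not allowed for the receiver")
            V = set(hyps)
            if not V:                           # the sender faces an empty V
                return True
    return False

def is_legal(moves):
    try:
        replay(moves)
    except ValueError:
        return False
    return True

# Constructed sessions.
TABLE_I = [(F, ()), (NOT_G, ("a",)), (G("a"), ("b",)),
           (NOT_G, ("b",)), (G("b"), ("c",)), (P("b"), ())]
TABLE_II = [(F, ()), (NOT_G, ("a",)), (G("a"), ("a",)), (P("a"), ())]
# Variant ii: the receiver answers with a fresh header a2, the packet is sent again.
LOST_ACK = TABLE_I[:3] + [(NOT_G, ("a2",)), (G("a2"), ("b",))] + TABLE_I[3:]
# The receiver tries to close with Pb before Pb has entered U.
EARLY_CLOSE = TABLE_I[:3] + [(P("b"), ())]

if __name__ == "__main__":
    for name in ("TABLE_I", "TABLE_II", "LOST_ACK"):
        print(name, "receiver wins:", replay(globals()[name]))
    print("EARLY_CLOSE legal:", is_legal(EARLY_CLOSE))
```

The rejected session shows that the receiver cannot close on $Pb$ directly after receiving it: $Pb$ enters $\mathcal{U}$ only once the sender has answered $G[b]$.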

Sending several packets 

We consider now the case of the acknowledgement of a fixed number $n$ of packets,
$n$ being a previously given integer; the order of the packets must be preserved. The
associated formula $F_n$ is defined by recurrence:

$F_1 = \exists x \forall y(P_1 x \to P_1 y)$; $F_{n+1} = \exists x \forall y((F_n \to P_{n+1} x) \to P_{n+1} y)$; $F_n$ is in normal form.

For the sake of simplicity, we consider only the case $n = 2$. We have the formula:
$F' = \exists x \forall y((F \to Px) \to Py)$ with $F = \exists x \forall y(Qx \to Qy)$.
We put $G[x] = \forall y((F \to Px) \to Py)$, $H[x] = \forall y(Qx \to Qy)$;
thus, we have $F' = \forall x\, \neg G[x] \to \bot$ and $F = \forall x\, \neg H[x] \to \bot$.

The table below describes once more what happens during a play where $\exists$ finishes in the
quickest possible way. For the sake of clarity, in the columns $\mathcal{U}$ and $\mathcal{A}$, we shall put, at
each line, only the new formulas.
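
| | $\mathcal{U}$ | $\mathcal{V}$ | $\mathcal{A}$ | |
|---|---|---|---|---|
| 1 | $\neg F'$ | $F'$ | $\bot$ | $\forall$ has no choice |
| 2 | $\forall x\, \neg G[x]$ | unchanged | unchanged | $\exists$ chooses $\forall x\, \neg G[x]$ and $a$ |
| 3 | unchanged | $G[a] = \forall y((F \to Pa) \to Py)$ | unchanged | $\forall$ chooses $b$, with $b \neq a$ |
| 4 | $F \to Pa$ | unchanged | $Pb$ | $\exists$ chooses $\forall x\, \neg G[x]$ and $b$ |
| 5 | unchanged | $G[b] = \forall y((F \to Pb) \to Py)$ | unchanged | $\forall$ chooses $c$ |
| 6 | $F \to Pb$ | unchanged | $Pc$ | $\exists$ chooses $Pb$ |
| 7 | unchanged | $F$ | unchanged | $\forall$ has no choice |
| | | | | acknowledgement of the first packet |
| 8 | $\forall x\, \neg H[x]$ | unchanged | unchanged | $\exists$ chooses $\forall x\, \neg H[x]$ and $d$ |
| 9 | unchanged | $H[d] = \forall y(Qd \to Qy)$ | unchanged | $\forall$ chooses $e$, with $e \neq d$ |
| 10 | $Qd$ | unchanged | $Qe$ | $\exists$ chooses $\forall x\, \neg H[x]$ and $e$ |
| 11 | unchanged | $H[e] = \forall y(Qe \to Qy)$ | unchanged | $\forall$ chooses $f$ |
| 12 | $Qe$ | unchanged | $Qf$ | $\exists$ chooses $Qe$ |
| 13 | unchanged | $\emptyset$ | unchanged | $\exists$ wins |
| | | | | acknowledgement of the second packet |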



In this particular case, we essentially get twice the table I of the previous example. Of
course, we may get all the variants already described. But new variants may appear:
indeed, after the acknowledgement of the first packet (lines 8, 10 and 12), the player $\exists$
can, for instance, come back to line 4, that is to say ask again for the first packet. Thus the
receiver may lose a packet, even after having correctly acknowledged it. It is interesting
to notice that she does not have to acknowledge it again.



Strategies and valid formulas 

Let us consider the game associated with a normal closed formula $F$. A strategy for $\exists$
in this game is, by definition, a function $S$, which takes as an argument a finite sequence
of triples $(\mathcal{U}_i, \mathcal{V}_i, \mathcal{A}_i)_{0 \leq i \leq n}$ ($\mathcal{U}_i$, $\mathcal{V}_i$ are finite sets of normal closed formulas and $\mathcal{A}_i$ is a finite
set of atomic closed formulas) and gives as a result an ordered pair $(\Psi, \vec{b})$ with $\Psi \in \mathcal{U}_n$,
$\Psi = \forall\vec{y}(\Phi_1[\vec{y}], \ldots, \Phi_k[\vec{y}] \to B[\vec{y}])$, $\vec{b}$ has the same length as $\vec{y}$ and $B[\vec{b}] \in \mathcal{A}_n$.
Intuitively, a strategy $S$ for $\exists$loise is a general method which, each time she must play,
chooses for her a possible play, given all the moves already played.

The strategy $S$ is called a winning strategy if $\exists$ wins every play following this strategy,
whatever the choices of $\forall$ may be.

We could define in the same way the winning strategies for $\forall$.

A normal closed formula $F$ is called valid if there exists a winning strategy for $\exists$, in the
game associated with $F$. Valid formulas are exactly those which correspond to network
protocols.
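
For propositional formulas the game has only finitely many positions, so the existence of a winning strategy for $\exists$ can be decided by exhaustive search. The Python code below is an added example, not part of the paper: it searches the game for examples 1 to 3 above and compares the answer with a truth-table check, which is the model-based definition of validity recalled in the appendix. The encoding of a normal formula as a pair (hypotheses, atom) and all function names are assumptions of this illustration.

```python
# Added illustration: decide whether the defender has a winning strategy in the
# game of a propositional normal formula, and compare with truth tables.
from itertools import product

BOT = "⊥"

def atom(name):
    return ((), name)                 # no hypotheses, conclusion `name`

def imp(g, h):
    """Normal form of g -> h: g becomes one more hypothesis of h."""
    hyps, concl = h
    return ((g,) + hyps, concl)

FALSE = atom(BOT)

def exists_wins(f):
    """True iff the defender can force the set V to become empty."""
    won = set()                       # positions already proved winning

    def forall_to_move(state, path):
        U, V, A = state
        if not V or state in won:
            return True               # the opponent cannot move, or known win
        if state in path:
            return False              # repeating a position never helps the defender
        path = path | {state}
        for hyps, concl in V:         # every choice of the opponent must be answered
            U2, A2 = U | frozenset(hyps), A | {concl}
            # the defender may pick any formula of U2 whose conclusion is in A2
            if not any(forall_to_move((U2, frozenset(h), A2), path)
                       for h, c in U2 if c in A2):
                return False
        won.add(state)
        return True

    start = (frozenset([imp(f, FALSE)]), frozenset([f]), frozenset([BOT]))
    return forall_to_move(start, frozenset())

def atoms_of(f):
    hyps, concl = f
    return {concl}.union(*(atoms_of(h) for h in hyps)) - {BOT}

def holds(f, val):
    """Truth value of f under the valuation val (⊥ is always false)."""
    hyps, concl = f
    return not all(holds(h, val) for h in hyps) or val.get(concl, False)

def tautology(f):
    names = sorted(atoms_of(f))
    return all(holds(f, dict(zip(names, bits)))
               for bits in product([False, True], repeat=len(names)))

P, Q = atom("P"), atom("Q")
EXAMPLES = {
    "P -> P": imp(P, P),                              # example 1
    "P -> Q": imp(P, Q),                              # example 2
    "((Q -> Q) -> P) -> P": imp(imp(imp(Q, Q), P), P),  # example 3
    "((P -> Q) -> P) -> P": imp(imp(imp(P, Q), P), P),  # example 3, Peirce's law
}

if __name__ == "__main__":
    for name, f in EXAMPLES.items():
        print(f"{name}: defender wins={exists_wins(f)}, tautology={tautology(f)}")
```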

Games associated with a conjunction or a disjunction. 

Given two formulas $F$, $G$, the game which is associated with the formula $F \land G$, i.e.
$(F, G \to \bot) \to \bot$, consists essentially in the following (this is easily checked):
The opponent $\forall$ chooses one of these two formulas and the game goes on, following the
chosen formula; however, the player $\exists$ can, at every moment, decide to start the
play again from the beginning.

With the formula $F \lor G$, it is the player $\exists$ who chooses the formula.

Composition of protocols 

Let us consider two valid formulas $F$ and $G$, which correspond respectively to the
"protocols" (i.e. games) $\mathcal{P}_F$ and $\mathcal{P}_G$; we propose now to build a valid formula $H$ such
that the associated protocol $\mathcal{P}_H$ is: $\mathcal{P}_F$ then $\mathcal{P}_G$.

Let $A = P(t_1, \ldots, t_k)$ (or $\bot$) be an atomic formula and $F$ a normal formula. An "occurrence"
of $A$ in $F$ is simply one of the places, in $F$, where $A$ appears.
Each occurrence of an atomic formula $A$ in $F$ appears at the end of a subformula of $F$, of
the form $\forall\vec{x}(\Phi_1, \ldots, \Phi_k \to A)$; $k$ will be called the number of hypotheses of this occurrence
of $A$.

Each occurrence of an atomic formula A in F is either positive or negative. This property 
is defined in the following way, by recurrence on the length of F : 

• If F is atomic, then F = A and the occurrence of A in F is positive. 

• If F = G — > H, the occurrence of A in F that we consider, is either in G, or in H. If 
it is in H, its sign is the same in F as in H. If it is in G, it has opposite signs in F and 
in G. 

• If $F = \forall x\, G$, the occurrence of $A$ we consider has the same sign in $F$ and in $G$.

An atomic occurrence A in F, which is negative and without hypothesis, will be called a 
final atomic occurrence. Indeed, it corresponds to the end of a play. 

Now, we can build the formula $H$ we are looking for: it is obtained by replacing, in $F$,
each final atomic occurrence $A$ with $G \to A$.

Remark. It is easy to show that, if F and G are valid, then the formula H defined in 
this way is also valid (see the appendix). 

Example. Take the formula $F = \forall x[\forall y(Px \to Py) \to \bot] \to \bot$ which corresponds to
the sending and the acknowledgement of a packet.
Then, we get: $H = \forall x[\forall y((G \to Px) \to Py) \to \bot] \to \bot$.

Indeed, there are, in $F$, two atomic negative occurrences, which are $Px$ and the first
occurrence of $\bot$. The only atomic occurrence without hypothesis is $Px$.
In particular, if we take $G = \forall x[\forall y(Qx \to Qy) \to \bot] \to \bot$, we get the protocol which
corresponds to the sending of two packets (see above).

Formulas and protocols using integer variables 

We now consider formulas written with a new type of variables: the "integer type"; to
denote variables of this type, we shall use the letters $i, j, k, l, m, n$. Thus, there are now
two types of variables: the type "integer" and the type already defined, which we shall
call the type "acknowledgement"; for the variables of this type, we use as before the
letters $x, y, z$.

Moreover, we have function symbols on the integer type (they denote functions from
integers to integers), in particular the constant $0$ and the successor $s$ (which represents
the function $n \mapsto n + 1$). Each function symbol $f$ has an arity $k \in \mathbb{N}$ and represents a
well determined function from $\mathbb{N}^k$ to $\mathbb{N}$ which is also denoted by $f$. We define the terms
of integer type by the following rules:

• an integer variable or a function symbol of arity 0 (integer constant) is a term of integer
type.

• if $f$ is a function symbol of arity $k$ and $t_1, \ldots, t_k$ are terms of integer type, then
$f(t_1, \ldots, t_k)$ is a term of integer type.

We note that a term of integer type without variable (closed term) represents an integer.

Predicate symbols are also typed. For example, $Pnx$ or $P(n, x)$ (the first argument of $P$
is of integer type, the second is of type acknowledgement).

Definition of formulas. 

• Atomic formulas: $P t_1 \ldots t_k$; $t_i$ is a constant or a variable of type acknowledgement
if the $i$-th place of $P$ is of this type; a term of type integer, if the $i$-th place of $P$ is of
integer type.

• If $F$, $G$ are formulas, $F \to G$ is also a formula.

• If $F$ is a formula, $\forall x\, F$ and $\forall n\, F$ are also formulas.

• If $F$ is a formula and $t$, $u$ are terms of integer type, then $t = u \to F$ is also a formula.
Be careful, the expression $t = u$ alone is not a formula.

Normal forms. 

They are defined as follows : 

• An atomic formula is normal. 

• If $F$ is normal, $\forall x\, F$ and $\forall n\, F$ are normal.

• If $A$ is atomic and $\Phi_1, \ldots, \Phi_k$ are normal formulas or expressions of the form $t = u$,
then $\Phi_1, \ldots, \Phi_k \to A$ is a normal formula.

We put the formulas under normal form exactly as in the previous case.

Game associated with a closed formula under normal form.

We indicate here only the additions to the rule of the game which has already been given:

i) when one of the players has chosen a formula $\forall\vec{\xi}(\Phi_1, \ldots, \Phi_k \to A)$ (with $\vec{\xi} = (\xi_1, \ldots, \xi_n)$,
where $\xi_i$ is a variable of type integer or acknowledgement):

- first, he or she chooses some values $\vec{a}$ for $\vec{\xi}$.

- then, he or she computes the (boolean) expressions $\Phi_j$ of the form $t_j = u_j$.

- if all of them are true, we get rid of them and the play goes on as before with the
(simpler) formula obtained in this way.

- if any of them is false:

if $\exists$ is playing, she must choose other values $\vec{a}$ or another formula (which is always
possible, as we already saw).

if the opponent $\forall$ is playing, then he has lost and the play stops.

ii) as in the previous game, when the player $\exists$ chooses, in the set $\mathcal{U}$, a formula
$\Psi = \forall\vec{y}(\Phi_1[\vec{y}], \ldots, \Phi_n[\vec{y}] \to B[\vec{y}])$ and a sequence $\vec{b}$ of constants, of the same length
as $\vec{y}$, she has to check that $B[\vec{b}] \in \mathcal{A}$, i.e. to check that two atomic closed formulas are
identical. These formulas may contain closed terms of type integer and these terms must
be computed before comparing them.

$\omega$-valid formulas.

A normal closed formula $F$ will be called $\omega$-valid if there exists a winning strategy for $\exists$,
in the game associated with $F$. The $\omega$-valid formulas are exactly those which correspond
to network protocols (as before, with valid formulas).

Example. 

First, $\forall$ sends an integer $n$; after that, acknowledgement of $n$ packets. The formula is:
$F = \forall j\{\forall i[j = si \to \exists x \forall y((Ui \to Pix) \to Piy)] \to Uj\} \to \forall n\, Un$.

$U$ is a predicate symbol with one argument of integer type; $P$ has two arguments, the
first is of integer type, the second of type acknowledgement.

Put $G = \forall j\{\forall i[j = si \to \exists x \forall y((Ui \to Pix) \to Piy)] \to Uj\}$ and
$H[i, x] = \forall y((Ui \to Pix) \to Piy)$.

We put the formula $F$ in normal form, so it is written as $F = \forall n(G \to Un)$.

The following table shows the particular session in which every packet is acknowledged
in the quickest possible way.





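| | $\mathcal{U}$ | $\mathcal{V}$ | $\mathcal{A}$ | |
|---|---|---|---|---|
| 1 | $\neg F$ | $F$ | $\bot$ | $\forall$ chooses $n_0$ |
| 2 | $G$ | unchanged | $Un_0$ | $\exists$ chooses $G$ and $n_0$ |
| 3 | unchanged | $\forall i(n_0 = si \to \exists x\, H[i, x])$ | unchanged | $\forall$ can only choose $n_0 - 1$ |
| 4 | $\forall x\, \neg H[n_0 - 1, x]$ | unchanged | unchanged | $\exists$ chooses $a_0$ |
| 5 | unchanged | $H[n_0 - 1, a_0]$ | unchanged | $\forall$ chooses $b_0 \neq a_0$ |
| 6 | $U(n_0 - 1) \to P(n_0 - 1, a_0)$ | unchanged | $P(n_0 - 1, b_0)$ | $\exists$ chooses $\forall x\, \neg H[n_0 - 1, x]$ and $b_0$ |
| 7 | unchanged | $H[n_0 - 1, b_0]$ | unchanged | $\forall$ chooses $b_1 \neq a_0, b_0$ |
| 8 | $U(n_0 - 1) \to P(n_0 - 1, b_0)$ | unchanged | $P(n_0 - 1, b_1)$ | $\exists$ chooses $U(n_0 - 1) \to P(n_0 - 1, b_0)$ |
| 9 | unchanged | $U(n_0 - 1)$ | unchanged | $\forall$ can only choose $U(n_0 - 1)$ |
| | | | | acknowledgement of packet $n_0 - 1$ |
| 10 | unchanged | unchanged | $U(n_0 - 1)$ | $\exists$ chooses $G$ and $n_0 - 1$ |
| $\vdots$ | $\vdots$ | $\vdots$ | $\vdots$ | $\vdots$ |
| | | | | acknowledgement of packet $0$ |
| | unchanged | unchanged | $U0$ | $\exists$ chooses $G$ and $0$ |
| | unchanged | $\forall i(0 = si \to \exists x\, H[i, x])$ | unchanged | $\forall$ has lost |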

In order to avoid a supplementary complication, we did not ask that the integer $n$ (the
number of packets to transmit) which is sent by $\forall$, be acknowledged. But if we want this
integer to be acknowledged, we must add a field "acknowledgement" to the predicate
symbol $U$, which therefore becomes binary. In this case, we write the following formula:
$F = \forall n\, \exists x'\, \forall y'((\neg G[x'] \to Unx') \to Uny')$ with
$G[x'] = \forall j\{\forall i[j = si \to \exists x \forall y((Uix' \to Pix) \to Piy)] \to Ujx'\}$

The following table shows the beginning of a communication session and the
acknowledgement of the integer $n$.

We put $H[n, x'] = \forall y'((\neg G[x'] \to Unx') \to Uny')$.
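
| | $\mathcal{U}$ | $\mathcal{V}$ | $\mathcal{A}$ | |
|---|---|---|---|---|
| 1 | $\neg F$ | $F$ | $\bot$ | $\forall$ chooses $n_0$ |
| 2 | $\forall x'\, \neg H[n_0, x']$ | unchanged | unchanged | $\exists$ chooses $\forall x'\, \neg H[n_0, x']$ and $x'_0$ |
| 3 | unchanged | $H[n_0, x'_0]$ | unchanged | $\forall$ chooses $y'_0$ |
| 4 | $\neg G[x'_0] \to Un_0 x'_0$ | unchanged | $Un_0 y'_0$ | $\exists$ chooses $\forall x'\, \neg H[n_0, x']$ and $y'_0$ |
| 5 | unchanged | $H[n_0, y'_0]$ | unchanged | $\forall$ chooses $y'_1$ |
| 6 | $\neg G[y'_0] \to Un_0 y'_0$ | unchanged | $Un_0 y'_1$ | $\exists$ chooses $\neg G[y'_0] \to Un_0 y'_0$ |
| 7 | unchanged | $\neg G[y'_0]$ | unchanged | $\forall$ has no choice |
| 8 | $G[y'_0]$ | unchanged | unchanged | $\exists$ chooses $G[y'_0]$ and $n_0$ |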



From now on, the play continues as in the previous example (with the formula $G[y'_0]$
instead of the formula $G$).

Remark. A somewhat simpler formula for the same protocol can be written as:
$\forall n\, \exists x'\, \forall y'(G[x'] \to Uny')$ with, as before:
$G[x'] = \forall j\{\forall i[j = si \to \exists x \forall y((Uix' \to Pix) \to Piy)] \to Ujx'\}$.

The reader will check this easily.

Appendix 
Valid formulas. 

The usual definition of a valid formula of the predicate calculus uses the notion of model.
The interested reader will find it, for example, in [rcdl] or [jrs]. A formula is called valid if
it is satisfied in every model. A fundamental theorem of logic, known as the completeness
theorem, says that a formula is valid if, and only if, it is provable by means of the deduction
rules of "pure logic".

This notion of validity is equivalent to that introduced in the present paper, which is 
given in terms of strategies (see a proof in [jlk]). 

It is often much easier to check the validity of a formula with the help of models. For
example, it is immediately seen in this way that the formula $F = \exists x(Px \to \forall y\, Py)$ is
valid: indeed, either the model we consider satisfies $\forall y\, Py$ and therefore also $F$, or it
satisfies $\exists x\, \neg Px$ and thus again $F$.

Let us consider two valid formulas $F$ and $G$, and let $H$ be the formula defined above,
such that the protocol $\mathcal{P}_H$ associated with $H$ is obtained by composing the protocols
associated with $F$ and $G$. Then, it is easy to show that $H$ is valid. Indeed, we obtained
the formula $H$ by replacing, in $F$, some subformulas $A$ with $G \to A$. But $A$ and $G \to A$ are
obviously equivalent, since $G$ is valid. Thus, we finally get a formula $H$ which is equivalent
to $F$, and therefore a valid formula.

For the formulas with two types (integer and acknowledgement), the situation is a bit
more complex. The $\omega$-valid formulas are the formulas which are satisfied in every $\omega$-model,
that is to say the models in which the integer type has its standard interpretation. Again,
in this case, it is often much easier to use this definition in order to check that a formula
is $\omega$-valid.

For instance, it is not difficult to show that the formula (that we have already used before)
$F = G \to \forall n\, Un$, with $G = \forall j\{\forall i[j = si \to \exists x \forall y((Ui \to Pix) \to Piy)] \to Uj\}$, is
$\omega$-valid.

Indeed, we assume $G$ and we show $Un$ by recurrence on the integer $n$.

Proof of $U0$. We put $j = 0$ in $G$; since $0 = si$ is false, we get $U0$.

Proof of $Un \to U(n + 1)$. We put $j = n + 1$ in $G$. Then, it suffices to show:

$\forall i[n + 1 = si \to \exists x \forall y((Ui \to Pix) \to Piy)]$ with $Un$ as an hypothesis. Since $n + 1 = si$

is equivalent to $i = n$, we now need to show $\exists x \forall y((Un \to Pnx) \to Pny)$, that is to say

$\exists x \forall y(Pnx \to Pny)$ (because we assume $Un$). But this last formula is already shown.

With some simple changes, the same proof works for the formulas:
$\forall n\, \exists x'\, \forall y'((\neg G[x'] \to Unx') \to Uny')$ and $\forall n\, \exists x'\, \forall y'(G[x'] \to Uny')$
with $G[x'] = \forall j\{\forall i[j = si \to \exists x \forall y((Uix' \to Pix) \to Piy)] \to Ujx'\}$.
Indeed, you only need to show the first one, since the second is trivially weaker.
Determination of games. 

A game is called determined if one of the players has a winning strategy. It is always the
case for the games considered in this paper (Gale-Stewart theorem).
Sketch of proof. Suppose that $\exists$ has no winning strategy. Then, the following strategy is
winning for the opponent $\forall$: to play, at each step, in such a way that the player $\exists$ has no
winning strategy from this step. Then the play lasts infinitely long, and $\forall$ wins.